Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Debit Card Skimmed

  • 31-12-2023 4:56pm
    #1
    Registered Users, Registered Users 2 Posts: 1,323 ✭✭✭Hippodrome Song Owl


    My debit card has been skimmed and used a few times for non-Euro payments on something called Bolt. Thankfully I realised within a few hours and froze the card and subsequently phoned AIB to cancel it. It's under €50 gone so not overly concerned about getting it back, but it's an awkward time of year to get it sorted. Money transferred to my other account with a card hasn't been processed due to bank holidays, so things are pretty tight for a few days except for credit card.

    AIB couldn't give any indication of where or how this likely happened, just that it will be investigated within the next fortnight.

    I'm concerned about using my other cards in the same locations now though in case it happens again. The card hadn't been used at all for full week, then was tapped in the local chipper on Friday evening and the fraudulent activity started a couple of hours later. A week previous it was tapped in the local Aldi, and tapped in the local convenience store and used to withdraw cash at their in-store ATM. Apart from that it was only used online in major retailers such as Tesco and M&S over the previous 6 weeks.

    The ATM is probably the most risky I think - is that where it likely happened? But I'm now worried about using cards in Aldi and the local shops! Any insights here on how skimming usually occurs these days? Should I avoid using my other cards locally, or how quickly would an issue like this be sorted out and retailers notified?



«1

Comments

  • Moderators, Business & Finance Moderators Posts: 10,605 Mod ✭✭✭✭Jim2007


    Generally speaking when cards are cloned they are sold on the dark net rather than being used locally... So if your card has been used locally you might want to start to look closer to home and in particular who could have accessed your card. Do you leave your belongings unattended at say a sports facilities, at work, a shared residence and so on....

    I'd suggest you cancel and replace all your cards and turn on all security features for each card.



  • Registered Users, Registered Users 2 Posts: 936 ✭✭✭mondeoman72


    Isnt bolt a taxi app?



  • Registered Users, Registered Users 2 Posts: 1,323 ✭✭✭Hippodrome Song Owl


    Thanks, but you have misunderstood my post - apologies, it was quite long winded.

    The fraudulent transactions are all on something called "Bolt dot eu". But they are non- Euro transactions and that's how I realised there was an issue - AIB texting me to tell me what percent above the ECB FX rate they would charge for "my" non-Euro transactions.

    The other transactions I listed are the places I used the card - an attempt to try understand where it was likely to have been compromised and am now concerned about the same happening to any other card I may use in the same locations.

    There's no way anyone else has had access to my cards.



  • Registered Users, Registered Users 2 Posts: 20,828 ✭✭✭✭Donald Trump


    In theory, someone could clone your card if they stood close enough to you with a reader.


    The reality is likely simpler. Your card details were probably harvested months ago.



  • Registered Users, Registered Users 2 Posts: 4,957 ✭✭✭kirk.


    Wouldn't be the first time Jim misunderstood something

    He'll probably post some other self important mantra and close the thread



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 2,699 ✭✭✭mountain


    Bolt.eu has been the cause of my card getting cancelled too, AIB did refund the money.



  • Registered Users, Registered Users 2 Posts: 1,323 ✭✭✭Hippodrome Song Owl


    Any idea how your card was compromised and used on Bolt?

    Google suggests it is a taxi app as suggested above, but also perhaps for food delivery. The transactions are all fairly small amounts ranging from under €5 to €25.

    My main concern now is that my other cards will also be compromised if used in local shops. I can't see where else this could have happened unless it was online at Tesco, M&S or Next.



  • Registered Users, Registered Users 2 Posts: 2,699 ✭✭✭mountain


    I don’t,

    I had to cancel AIB debit card 2 times, both because of bolt charges,

    it’s a drag, as I’d no card while waiting for new card to be posted out



  • Registered Users, Registered Users 2 Posts: 7,030 ✭✭✭zg3409


    Do you use your debit card online? If so the device you used, phone or laptop may have a virus, or any website you used it on may have a virus on the site.

    If you only used it in stores, any of the staff or card machines or back end computer systems may be dodgy and be keeping a record of each card used.

    Banks profile fraud to try help locate the source and notify the business and block other cards used there.



  • Registered Users, Registered Users 2 Posts: 17,863 ✭✭✭✭fritzelly


    Had similar happen after a trip to Croatia - ~€1000 euro charge for an uber (flagged as fraud by the bank and denied), immediately suspected Uber as only signed up for it while in Croatia.

    Tried to think when if ever the card had been out of my sight as very careful in that respect


    Contactless are pretty much 100% safe (unless someone is near with a machine to charge) since they don't transmit your details so can't be copied that way - anyone swiping your card, atm etc are a very different story


    Handy with the likes of Revolute et al that you can block the magnetic stripe for payments



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,323 ✭✭✭Hippodrome Song Owl


    Yes it is used online frequently, but only ever on major retailers. My phone, laptop, or ipad being the cause of the problem would be a big concern. I'll look in that now, thanks.


    If contactless is safer then the only times the pin has been used in the past few months is at the ATM in the local convenience shop on Friday 22nd Dec (a week before the fraud), and at my hairdressers a fortnight previous. It's actually a rarely used card in person.

    I think the shop ATM may be the riskiest thing I've done with it, and I feel most suspicious about that. But funnily enough, my hairdresser hasn't been able to take card payments due "technical issues" for the previous four visitsbefore that last one (I've actually posted about that here in the cash or card threads as it's a massive pain having to get cash out) so that makes me wonder if something could be up there either.

    I have a barely used Revolut account, but no card.

    Am I safer using credit card and paying it off each month? I usually never use credit card and only have it for emergencies.



  • Registered Users, Registered Users 2 Posts: 2,699 ✭✭✭mountain


    Use card online a bit, odd that on both occasions it was bolt that was the charge.



  • Registered Users, Registered Users 2 Posts: 17,863 ✭✭✭✭fritzelly



    What usually happens is a few small charges to see its working and if flagged then a big big purchase



  • Registered Users, Registered Users 2 Posts: 2,519 ✭✭✭golondrinas


    I use Bolt in Spain. Much cheaper than local taxis. If you use them they offer discounts if they haven't heard from you for a few days.

    Example run to Malage Airport

    50 yoyos normal taxi

    Bolt 25



  • Registered Users, Registered Users 2 Posts: 1,647 ✭✭✭Qrt


    typically taxi apps would require you to verify adding the card to their payment methods through the respective bank app, I know that’s been the case with mine.


    personally, I never use by debit card online, credit only. just lowers the possibility of the above happening



  • Registered Users, Registered Users 2 Posts: 84,733 ✭✭✭✭Atlantic Dawn
    M


    There seems to be a lot of make it up as they go along from the banks on fraud, the conditions they put in your way for legitimate transactions don't seem to be followed in lots of these fraud cases and they put the ball back in your court to answer whether fraud occured or not where their internal systems should have shot them down from the outset. Additionally the details they provide you about what fraud occured, from what country, who's names were on flights booked, taxis booked, vouchers booked etc etc should all be revealed by them so you can provide them to the Gardaí for investigation to the theft.



  • Registered Users, Registered Users 2 Posts: 1,323 ✭✭✭Hippodrome Song Owl


    Yes, although the sums taken are thankfully small, I have to say my dealings with AIB didn't inspire confidence.

    The man on the phone was distracted and chatting to people in the background - it took 5 attempts for him to accurately record my card number. And assuming these transactions are online and not using a physical clone of my card with pin, why did they go through without requiring authentication in the app?



  • Registered Users, Registered Users 2 Posts: 1,323 ✭✭✭Hippodrome Song Owl


    While I can switch to using credit card if it's safer, I feel this is most likely to have happened during an in-person transaction and not online. If it happened online then it is either Tesco, M&S, or Next that is compromised.



  • Registered Users, Registered Users 2 Posts: 1,647 ✭✭✭Qrt


    Statistically and technically it’s very unlikely to have originated from an in person transaction. Always exceptions though. Did you hear anything from the bank?



  • Registered Users, Registered Users 2 Posts: 373 ✭✭delboythedub


    Had a problem last June my card details were breached ie someone got my Pin Number and tried to go on a spending spree. Bank of ireland were quick to spot it and suspended my card. In fact they phoned me before i spotted the problem and i thought it was a scam call and I hung up on the phone call. I quickly called them back when I went into my account and they were nicer to me than I was to them on the previous call. They sent me a new card and all is well. Odd that I use PayPal / Revolute for most purchases and this happened



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,323 ✭✭✭Hippodrome Song Owl


    I haven't heard anything from AIB, but as of this morning the fraudulent transactions changed from Pending to Processed. My new card hasn't arrived yet either, though it is visible in the app so fingers crossed it's here by Friday.

    I'm surprised to hear online transactions on reputable websites are more risky than in-person. I always thought ATM withdrawals outside the actual bank were the riskiest - and that is something I did a week before this happened. It's something I usually never do, but needed cash to put in Christmas cards last minute on Fri 22nd Dec and withdrew from local shop's ATM.

    I wish AIB could provide more info though. I'm so worried this will happen again now on another card. But I will use credit card now if that's more protected. Just feels weird to be using credit unnecessarily. I never even had a credit card until very recently.



  • Registered Users, Registered Users 2 Posts: 1,647 ✭✭✭Qrt


    It’s not even the reputable websites part, it’s online in general. The Electric Ireland data breach is case and point.

    There are so many variables I doubt AIB will fully get to the bottom of it either, but they’ll do they investigation anyway.



  • Registered Users, Registered Users 2 Posts: 1,323 ✭✭✭Hippodrome Song Owl


    The fraudulent transactions were refunded today. So at least that's something.



  • Registered Users, Registered Users 2 Posts: 1,323 ✭✭✭Hippodrome Song Owl


    Concerning Update:

    My new card arrived a week ago but has not been used at all yet either online or in person as I decided to switch completely to using credit card. There are no payments coming out of this account other than mortgage, which is DD, so the new card details have never been given to any company or organisation.

    I just had another fraudulent non-Euro transaction for Bolt appear on my account.

    I have frozen my card and will contact AIB as soon as I can.

    How is this possible??



  • Registered Users, Registered Users 2 Posts: 17,863 ✭✭✭✭fritzelly


    Phone or Pc hacked?

    Account hacked?



  • Registered Users, Registered Users 2 Posts: 1,323 ✭✭✭Hippodrome Song Owl


    How would they get the card details though if I haven't even taken it out of the envelope yet? And the card details aren't fully visible on the app. I haven't logged into online banking on any other device in nearly a year.



  • Registered Users, Registered Users 2 Posts: 30,274 ✭✭✭✭AndrewJRenko


    Something similar happened me five years ago, with an AIB credit card being hit twice over a few months.

    I never really got to the bottom of it. I did put the new card on Google Pay at the time, so I thought maybe there was some breach there or off my phone.



  • Registered Users, Registered Users 2 Posts: 17,863 ✭✭✭✭fritzelly


    Dunno about Aib but you can usually see the full card details with security checks, are you sure the payment is using the card



  • Registered Users, Registered Users 2 Posts: 84,733 ✭✭✭✭Atlantic Dawn
    M


    I'm thinking it has to be some related transaction to the original compromised card that was pushed through.

    That said I in the past had annual travel insurance pushed through on to a new debit card despite me not providing the new card details to them, they wouldn't have the new expiry or CVT number but still got payment.



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,323 ✭✭✭Hippodrome Song Owl


    Thanks. You had at least used the card. Mine is literally still in the envelope it arrived in last Friday and has not been used at all in any way.



  • Registered Users, Registered Users 2 Posts: 1,323 ✭✭✭Hippodrome Song Owl


    No I don't see any way to see the full card details on AIB app.

    The payment says VDP - that's a point of sale pin payment isn't it?



  • Registered Users, Registered Users 2 Posts: 7,350 ✭✭✭Jeff2


    VDP- can be any payment made by the card whether using the pin or not.



  • Registered Users, Registered Users 2 Posts: 140 ✭✭johnnyk29


    The more common possibility is MasterCard automatic biller or Visa updater keeps throwing the new card into your card on file merchants. What this does is when you're issued a new card instead of continuously updating every service (i.e. PayPal, Amazon, gym memberships) it will pass the new card information to the recurring biller or card on file merchant. Many posts about this. On paper this is a great idea unless the fraudulent transaction itself was a recurring/card on file biller. This can create a perpetual cycle, BUT all banks have a way to stop the cycle pending you get to someone competent.

    If you have Netflix, Disney plus or anyplace your card info is stored I would cancel them as soon as you can.



  • Registered Users, Registered Users 2 Posts: 1,323 ✭✭✭Hippodrome Song Owl


    There are no subscriptions on the card. Just salary in and Mortgage DD. I transfer money to other accounts that have bills and payments and subscriptions linked to them. I usually only use this card to withdraw cash or online with literally three retailers - Next, M&S, and Tesco. And very occasionally in person.

    I was just on to AIB there and got a much more competent person than last time.

    As you said above @Jeff2 the transactions are online ones on Bolt - my mistake re VDP.

    As you said @johnnyk29 Bolt were literally given the new card details because it was a subscription. She said the card was blocked but not "closed".

    I am livid with AIB that the card was not 100% cancelled in the case of fraud.

    I was even told that if I had any payments set up through the card I would have to go update them or they would not go through anymore. Yet Bolt was given the new details so the fraud could continue.

    So another week with no card and now zero trust in AIB.



  • Registered Users, Registered Users 2 Posts: 7,350 ✭✭✭Jeff2


    This is an interesting thread and I like to know how they got your card information in the first place if you figure it out.

    Also the fact that they could charge you new card is news to me.

    You're lucky a higher amount of money wasn't taken and I think that might be down to a text from the bank about exchange rates. If it was in euros you wouldn't have got that text.



  • Advertisement
  • Moderators, Business & Finance Moderators Posts: 10,605 Mod ✭✭✭✭Jim2007


    This should be a serious warning for everyone: You are responsible for ensuring you understand how the financial products you use work. You need to sit down and read the documentation you received both before and after signing up. Do not make assumptions, they could turn out to be expensive.

    In particular you should understand:

    • The consequences of cancelling a card
    • Instructing a bank to not accept any further charges against a card
    • Closing an account
    • What happens to subscriptions when you do any of the above three.
    • How charge backs and related issues operate

    As an aside, banks sell financial products and just as you can't buy a car, you need to buy a particular make and model, you can't get a mortgage, credit card, savings account and so on. You sign up to a specific financial product, with it's own terms and conditions and indeed in some cases even terms that are specific to you. Do not assume that you product is the same as the one the guy in the pub has and expect the same treatment.



  • Registered Users, Registered Users 2 Posts: 25,620 ✭✭✭✭coylemj


    Is it possible the old card has not yet been cancelled and will still be considered active until you use the new card? I'd go to an ATM in a bank branch and do a balance check with the new card.

    If the old card has been cancelled then your bank has some answering to do if debits are still appearing when there is no active card on the account. Typically, a new card can't be used for online purchases untill it's used in an ATM or POS terminal and the PIN manually entered. So even if someone had all the details from that new card, they can't make a purchase or do anything until you activate the card.



  • Registered Users, Registered Users 2 Posts: 1,323 ✭✭✭Hippodrome Song Owl


    What more can a person do than explicitly tell the bank there is fraudulent activity so cancel the card so there can be no further unauthorised access to the account?? I even specifically discussed with the bank's agent that payments/subscriptions set up on the card would now be cancelled and I would have to arrange to pass on the new details as necessary. And as it happens I have no payments or subscriptions on the card- but the fraudster has a subscription to Bolt and AIB allowed the new card info to be passed to them despite:

    A - Bolt is the fraudulent activity, and

    B - they specifically told me that would not happen (card details passed on to existing subscriptions).

    AIB admit they are in the wrong. It is their error.

    So I don't see how your comment is of any relevance or help to me.



  • Registered Users, Registered Users 2 Posts: 2,399 ✭✭✭Glaceon


    I noticed this last year when my credit and debit cards expired. PayPal were automatically given the new expiry date. I’d much rather update my details manually than have the risk of the replacement for a stolen card being automatically updated.



  • Registered Users, Registered Users 2 Posts: 1,323 ✭✭✭Hippodrome Song Owl


    This wasn't even just a new expiry/CVV, it was a completely new card with new 16-digit number and new pin. And still updated on the fraudster's chosen subscription.



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 2,399 ✭✭✭Glaceon


    And that’s what scares me, that a whole new card would still get passed on.



  • Registered Users, Registered Users 2 Posts: 9,390 ✭✭✭markpb


    This is exactly how VAU/ABU works. Merchants who store your card details can opt to receive any updates to that card (new expiry, new PAN+expiry), as long as it's issued by the same bank. What fell down here is that Bolt should not have been allowed to continue processing recurring transactions against the same account, the recurring agreement should have been stopped when fraud was flagged.



  • Registered Users, Registered Users 2 Posts: 9,390 ✭✭✭markpb



    Card issuers have to try to balance convenience against security. They could absolutely decide to block every future transaction on a card once a single one is fraudulent and they could close they account and not issue any updates through Account Updater. That would definitely put a stop to fraud on that card but it would also inconvenience a lot of customers and merchants. What if you had checked out of a hotel that day and still had a pending payment or trashed the room and they wanted to bill you for it? What if you had a recurring payment agreed with someone but your payment was declined and they added a penalty to your account? Stopping account updates would make updating your card details on tens of websites much harder for you.

    On top of that, card issuers make money from every transaction on your card so it's in their interests to keep your Netflix and Disney subscriptions running and to make your next Amazon purchase as one-click as possible. They want your new card details out there so you can keep spending because when people have to think about updating their card details, they might think about not renewing those subscriptions.





  • That’s an appalling feature having the new card automatically updated across payments. I am with Bank of Ireland and with all its faults at least when card has been compromised I always have to update all payment types with new card details. As each payment type is used and found to be outdated all I do is update the payment method, only takes a couple of minutes and the next transaction can proceed. I would be very alarmed at automatic updating across payment methods like PayPal. It completely breaches security.



  • Registered Users, Registered Users 2 Posts: 5,876 ✭✭✭The J Stands for Jay


    It's poor form that the AIB app doesn't give a push notification every time there's a transaction on the account.



  • Registered Users, Registered Users 2 Posts: 7,350 ✭✭✭Jeff2


    I mostly use my Curve card linked to my AIB card. The Curve app gives push notification and a sound on my phone if there is a transaction. I'd guess it could have been helpful in some cases like this.



  • Registered Users, Registered Users 2 Posts: 15,296 ✭✭✭✭cj maxx


    To answer the OP , I’ve noticed strange things on a couple of my cards , which have been cancelled or refunded . The common denominator was use in the local shop and probably more importantly using in store ATM’s . I tend to only withdraw cash on bank ATM’s now and use PayPal / Apple Pay online .



  • Registered Users, Registered Users 2 Posts: 1,623 ✭✭✭JVince


    They would need to have a qualified machine within 4cm to read the card.


    Virtually unknown for card to be cloned that way.


    You are correct that it is likely the details were harvested months ago and then they target a time where you may not notice multiple transactions happening quickly



    The recent transaction is most likely a delayed transaction from the original card.


    There's plenty of card fraud. Yours is tiny. The bank won't spend time looking into it. You'll be refunded.



  • Registered Users, Registered Users 2 Posts: 7,350 ✭✭✭Jeff2


    With Curve card you can switch between bank cards like front AIB or Revolut. If you turn it to Revolut card you get notified twice if a transaction happened. Once from Curve and then from Revolut.

    Just saying......



  • Registered Users, Registered Users 2 Posts: 20,226 ✭✭✭✭cnocbui


    It seems being a dinosaur and hater of bank fees may have it's coincidental advantages. I take 1500 in cash from machines in banks and keep that as a float at home, from which I keep my wallet fed, and pay cash for everything that's in person. Online would be the only attack surface I present to the world, but I mostly use Paypal there. My last quarterly bank fees were €9.



  • Advertisement
Advertisement